Dynamic group size accreditation and group discounts preserving anonymity

  • Josep Domingo-FerrerEmail author
  • Alberto Blanco-Justicia
  • Carla Ràfols
Regular Contribution


Group discounts are used by vendors and authorities to encourage certain behaviors. For example, group discounts can be applied to highway tolls to encourage ride sharing, or by museum managers to ensure a minimum number of visitors and plan guided tours more efficiently. We show how group discounts can be offered without forcing customers to surrender their anonymity, as long as customers are equipped with some form of autonomous computing device (e.g. smartphone, tablet or computer). Specifically, we present a protocol suite for privacy-aware group discounts that allows a group of customers to prove how many they are without disclosing their identities. The group does not need to be a stable one, but can have been formed on the fly. Coupled with an anonymous payment system, this makes group discounts compatible with buyer privacy (in this case, buyer anonymity). We present a detailed complexity analysis, we give simulation results, and we report on a pilot implementation.


Buyer privacy Group size accreditation Group discounts Digital signatures Smartphones Short-range communications 



The following funding sources are acknowledged: Google (Faculty Research Award to the first author), Government of Catalonia (ICREA Acadèmia Prize to the first author and Grant 2014 SGR 537), Spanish Government (Projects TIN2014-57364-C2-1-R “SmartGlacis” and TIN2015-70054-REDC), and European Commission (projects H2020-644024 “CLARUS” and H2020-700540 “CANVAS”). The authors are with the UNESCO Chair in Data Privacy. The views in this paper are the authors’ own and do not necessarily reflect the views of UNESCO or any of the funders.


  1. 1.
    Abdalla, M., Benhamouda, F., Pointcheval, D.: Disjunctions for hash proof systems: new constructions and applications. In: Advances in Cryptology—Eurocrypt’15, Part II. LNCS, vol. 9057, pp. 69–100 (2015)Google Scholar
  2. 2.
    Attrapadung, N., Libert, B., de Panafieu, E.: Expressive key-policy attribute-based encryption with constant-size ciphertexts. In: Public key cryptography—PKC’11. LNCS, vol. 6571, pp. 90–108 (2011)Google Scholar
  3. 3.
    Bellare, M., Shi, H., Zang, C.: Foundations of group signatures: the case of dynamic groups. In: CT-RSA ’05. LNCS, vol. 3376, pp. 136–153. Springer, Berlin (2005)Google Scholar
  4. 4.
    Ben Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459–474. IEEE, New York (2014)Google Scholar
  5. 5.
    Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of the National Computer Conference, pp. 313–317. AFIPS Press, New York (1979)Google Scholar
  6. 6.
    Bluetooth SIG: Specification of the Bluetooth System (2013).
  7. 7.
    Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Advances in cryptology—Eurocrypt’04. LNCS, vol. 3027, pp. 223–238. Springer, Berlin (2004)Google Scholar
  8. 8.
    Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity-based encryption with constant size ciphertext. In: Advances in Cryptology—Eurocrypt’05. LNCS, vol. 3494, pp. 440–456. Springer, Berlin (2005)Google Scholar
  9. 9.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Advances in Cryptology—Crypto’01. LNCS, vol. 2139, pp. 213–229. Springer, Berlin (2001)Google Scholar
  10. 10.
    Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Advances in Cryptology—Crypto’05. LNCS, vol. 3621, pp. 258–275, Springer, Berlin (2005)Google Scholar
  11. 11.
    Boneh, D., Hamburg, M.: Generalized identity-based and broadcast encryption schemes. In: Advances in Cryptology—Asiacrypt’08. LNCS, vol. 5350, pp. 455–470. Springer, Berlin (2008)Google Scholar
  12. 12.
    CBC News Canada: Man charged for driving with 2 mannequins in HOV lane.
  13. 13.
    Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Advances in Cryptology—Crypto’88. LNCS, vol. 403, pp. 319–327. Springer, Berlin (1990)Google Scholar
  14. 14.
    Chen, L., Morrissey, P., Smart, N.P.: Pairings in trusted computing. In: Pairing-Based Cryptography—Pairing 2008. LNCS, vol. 5209, pp. 1–17. Springer, Berlin (2008)Google Scholar
  15. 15.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Advances in Cryptology—Crypto’94. LNCS, vol. 839, pp. 174–187. Springer, Berlin (1994)Google Scholar
  16. 16.
    Davis, J.P., McNamara, J.M.A., Rector, J.D.: Devices, systems and methods for identifying and/or billing an individual in a vehicle. US Patent US8280791 B2. Date filed: Dec. 8, 2009Google Scholar
  17. 17.
    De Caro, A., Iovino, V.: jPBC: Java pairing based cryptography. In: 2011 Symposium on Computers and Communication (ISCC), pp. 850–855. IEEE, New York (2011).
  18. 18.
    Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in ad-hoc Groups. In: Advances in Cryptology—Eurocrypt’04. LNCS, vol. 3029, pp. 609–627. Springer, Berlin (2004)Google Scholar
  19. 19.
    Domingo-Ferrer, J., Blanco-Justicia, A.: Group discounts compatible with buyer privacy. In: 9th International Workshop on Data Privacy Management—DPM 2014. LNCS, vol. 8872, pp. 47–57. Springer, Berlin (2015)Google Scholar
  20. 20.
    Domingo-Ferrer, J., Ràfols, C., Aragonès-Vilella, J.: Method and system for customized contactless toll collection in carpool lanes (in Spanish “Método y sistema de cobro sin contacto, por el uso de una vía, para vehículos de alta ocupación”). Spanish patent P201200215. Date filed: February 28, 2012Google Scholar
  21. 21.
    González, A., Hevia, A., Ràfols, C.: QA-NIZK arguments in asymmetric groups: new tools and new constructions. In: ASIACRYPT 2015, Part I. LNCS, vol. 9452, pp. 605–629. Springer, Berlin (2015)Google Scholar
  22. 22.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: ACM CCS’06, pp. 89–98. ACM Press, New York (2006)Google Scholar
  23. 23.
    Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Advances in Cryptology—Eurocrypt’08. LNCS, vol. 4965, pp. 415–432. Springer, Berlin (2008)Google Scholar
  24. 24.
    Herranz, J., Laguillaumie, F., Libert, B., Ràfols, C.: Short attribute-based signatures for threshold predicates. In: Topics in Cryptology—CT-RSA 2012. LNCS, vol. 7178, pp. 51–67. Springer, Berlin (2012)Google Scholar
  25. 25.
    Joux, A.: A new index calculus algorithm with complexity L(1/4+o(1)) in small characteristic. In: Selected Areas in Cryptography—SAC 2013. LNCS, vol. 8282, pp. 355–379. Springer, Berlin (2014)Google Scholar
  26. 26.
    Jutla, C.S., Roy, A.: Shorter quasi-adaptive NIZK proofs for linear subspaces. In: ASIACRYPT 2013. LNCS, vol. 8269, pp. 1–20. Springer, Berlin (2013)Google Scholar
  27. 27.
    Jutla, C.S., Roy, A.: Switching lemma for bilinear tests and constant-size NIZK proofs for linear subspaces. In: Advances in Cryptology—Crypto’14. LNCS, vol. 8617, pp. 295–312. Springer, Berlin (2014)Google Scholar
  28. 28.
    Libert, B., Ling, S., Mouhartem, F., Nguyen, K., Wang, H.: Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions. IACR Cryptology ePrint Archive (2016)Google Scholar
  29. 29.
    Libert, B., Peters, T., Joye, M., Yung, M.: Non-malleability from malleability: simulation-sound quasi-adaptive NIZK proofs and CCA2-secure encryption from homomorphic signatures. In: Advances in Cryptology—Eurocrypt’14. LNCS, vol. 8441, pp. 514–532. Springer, Berlin (2014)Google Scholar
  30. 30.
    Lynn, B.: On the Implementation of Pairing-Based Cryptosystems. Doctoral dissertation, Stanford University (2007)Google Scholar
  31. 31.
    Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from bitcoin. In: 2013 Symposium on Security and Privacy, pp. 397–411. IEEE, New York (2013)Google Scholar
  32. 32.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Consulted, vol. 1 (2008).
  33. 33.
    Paysafecard: Checked Dec. 1, 2014
  34. 34.
    Ràfols, C.: Stretching Groth–Sahai proofs: NIZK proofs of partial satisfiability. In: TCC’15, LNCS, vol. 9015, pp. 247–276. Springer, Berlin (2015)Google Scholar
  35. 35.
    Reid, F., Harrigan, M.: An analysis of anonymity in the bitcoin system. In: Altshuler, Y., et al. (eds.) Security and Privacy in Social Networks, pp. 197–223. Springer, Berelin (2013)CrossRefGoogle Scholar
  36. 36.
    Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  37. 37.
    Shamir, A.: Identity based cryptosystems and signature schemes. In: Advances in Cryptology—CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Berlin (1985)Google Scholar
  38. 38.
    Waters, B.: Efficient identity-based encryption without random oracles. In: Eurocrypt’05. LNCS, vol. 3494, pp. 114–127. Springer, Berlin (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2017

Authors and Affiliations

  1. 1.UNESCO Chair in Data Privacy, Department of Computer Engineering and MathematicsUniversitat Rovira i VirgiliTarragonaSpain
  2. 2.Department of Information and Communications TechnologiesUniversitat Pompeu FabraBarcelonaSpain

Personalised recommendations